Secure Mobile Access 10.2 Deployment Guide

Configuring SMA to LAN Connectivity

Before continuing, you must add a new SMA custom zone. Refer to Adding a New SMA Custom Zone for more information.

For users to access local resources through the SMA appliance, you must configure your gateway device to allow an outside connection through the SMA into your LAN.

To allow an SMA to LAN connection

  1. Using SonicOS, navigate to the OBJECT | Match Objects > Addresses page on the gateway appliance.
  2. In the Address Objects tab, click +Add.
  3. In the Address Object Settings dialog box, create an address object for the X0 interface IP address of your SMA appliance:

    NameName for the SMA appliance
    Zone AssignmentSMA
    IP AddressSMA appliance X0 IP address (default
  4. Click +Add to create the object. After adding, click Close.
  5. Click +Add again to create an address object for the NetExtender range.
  6. In the Add Address Object dialog box, create an address object for the NetExtender range, using the following options:

    NameName for NetExtender range
    Zone AssignmentSMA
    Starting IP AddressStart of the NetExtender IP address range (default
    Ending IP AddressEnd of the NetExtender IP address range (default

  7. Click Save to create the object. Once added, click Close.
  8. On the OBJECT | Match Objects > Addresses page, click the Address Groups tab.
  9. Click +Add.
  10. In the Add Address Groups dialog box, create a group for the X0 interface IP address of your SMA appliance and the NetExtender IP range:

    • Enter a name for the group.
    • In the left column, select the address objects you created and click the right arrow button.
    • Click Save to create the group when both objects are in the right column.

  11. Navigate to the POLICY | Rules and Policies > Access Rules page, and select the Matrix view style.
  12. Click the SMA > LAN icon.
  13. On the page that displays for SMA to LAN, click +Add.
  14. In the Add Rule window, create a rule to allow access to the LAN for the address group you just created:

    Source Zone/InterfaceSMA
    Source DestinationLAN
    Source PortAny
    SourceThe address group you just created, such as SMA and NetExtender.
    Users AllowedAll
    Users ExcludedNone
    ScheduleAlways on
    Select the following check box(es)
    • Enable Logging
    • Allow Fragmented Packets
  15. Click OK to create the rule.

This completes Scenario C.

Some gateway appliances have a default zone named SSLVPN. Do not select this zone when configuring for the SMA appliance. The SSLVPN zone is intended for use with the more limited SSLVPN features that are included in the firewall products.

Continue to Additional Configuration and Testing and Troubleshooting Your Remote Connection.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.